In today’s digital age, cyber threats are not just increasing—they’re evolving. Organizations worldwide face a complex and ever-changing cybersecurity landscape, making it imperative to shift from traditional compliance-based strategies to more dynamic, threat-oriented approaches. Enter Cyber Prep 2.0, a framework designed to help organizations define and articulate their cybersecurity strategies based on specific threats they face.
The Need for Cyber Preparedness
The cyber threat ecosystem has grown exponentially, with major data breaches and advanced persistent threats becoming commonplace. Cyber preparedness—organizational readiness to handle cyber attacks—has thus become an integral part of enterprise risk management.
Organizations must navigate a myriad of resources, frameworks, and guidelines related to cyber risk management. However, these resources vary in their underlying assumptions about the nature of cyber threats, often leaving organizations unsure about which strategies to adopt.
Introducing Cyber Prep 2.0
Developed by The MITRE Corporation, Cyber Prep 2.0 is a threat-oriented approach that allows organizations to:
- Define Threat Assumptions: Understand why they might be targeted.
- Develop Tailored Strategies: Create customized cybersecurity strategies aligned with their threat landscape.
- Complement Existing Frameworks: Use Cyber Prep 2.0 alongside other detailed frameworks like the NIST Cybersecurity Framework.
Distinguishing Features of Cyber Prep 2.0
Unlike traditional frameworks, Cyber Prep 2.0 focuses on both the threats organizations face and the measures they can take to defend themselves, making the relationship between the two explicit.
Multiple Dimensions Considered
- For Attackers: Intent, Scope, Timeframe, Capabilities.
- For Defenders: Governance, Operations, Architecture & Engineering.
This multidimensional approach ensures that organizations can make informed decisions based on a comprehensive understanding of both their adversaries and their own capabilities.
The Cyber Prep Toolset
Cyber Prep 2.0 provides tools at various levels of detail:
- Threat Modeling Framework: Helps organizations articulate why they might be targeted and by whom.
- Five Classes of Adversaries and Preparedness Strategies: Ranges from conventional threats like cyber vandalism to advanced threats like cyber-supported strategic disruption.
- Strategic Elements in Three Areas:
- Governance: Overall approach to defending against cyber threats.
- Operations: Proactive or reactive engagement across the cyber attack lifecycle.
- Architecture & Engineering: Integration of security architecture with mission operations.
Understanding the Five Classes of Adversaries
Cyber Prep 2.0 categorizes adversaries into five classes based on their goals and capabilities. Below is a simplified table that characterizes these threats:
Table 1: Characterizing the Threat
| Adversary Class | Goals | Scope | Timeframe & Stealth | Examples of Effects | Capabilities |
|---|---|---|---|---|---|
| Cyber Vandalism | - Personal motives (attention, malice) - Financial gain (fraud) | - Subset of organization (e.g., public website) | - Periodic attacks - Not persistent - Not stealthy | - Website defacement - DoS attacks - Altered records | - Basic malware - Purchased botnets - Stolen credentials |
| Cyber Incursion | - Personal motives (e.g., stealing PII) - Financial gain (extortion, sale of data) - Stepping-stone attacks | - Organizational operations - Associates | - Sustained activities in some attack stages - Limited concern for stealth | - Data breaches - Ransomware - Extended DoS | - Advanced malware - Escalated privileges via stolen credentials |
| Cyber Breach & Organizational Disruption | - Large-scale financial gain - Geopolitical advantage (economic) - Stepping-stone attacks | - Organizational operations - Associates | - Persistent, stealthy activities in most attack stages | - Extensive data breaches - Footholds in other organizations | - Custom-developed malware (e.g., zero-day exploits) |
| Cyber Espionage & Extended Disruption | - Financial gain - Geopolitical advantage (all types) | - Organizational operations - Entire sector | - Sustained, stealthy activities in all attack stages | - Repeated data breaches - Extensive DoS attacks | - Targeted malware crafted for long-term presence |
| Cyber-Supported Strategic Disruption | - Geopolitical advantage (strategic goals) | - Selected organizations - Sector - Nation-wide impact | - Strategic, persistent, and stealthy across all attack stages - Includes supply chain and infrastructure attacks | - Subverted or degraded critical infrastructure | - Stealthy, destructive malware - Supply chain attacks - Kinetic attacks |
Defining Organizational Preparedness
Corresponding to these adversary classes are five preparedness strategies that organizations can adopt. Here’s a simplified table outlining these strategies and their key characteristics:
Table 2: Cyber Preparedness Strategies
| Preparedness Strategy | Threat Preparedness | Approach |
|---|---|---|
| Basic Hygiene | - Defend against unsophisticated, one-time attacks with limited effects. - Adversary capability, intent, and targeting: Very Low. | - Use informal cybersecurity processes focusing on compliance. - Minimal investment in security posture assessment. - Reactive incident response after attacks occur. - Security capabilities focus on Protect, Detect, and Respond functions (per NIST CSF). |
| Critical Information Protection | - Defend against sustained attacks by unsophisticated adversaries with limited effects. - Adversary capability, intent, and targeting: Low. | - Security decisions handled by a Security Program Officer. - Share threat information with partners. - Monitor cyber resources. - Respond to incidents during exploitation and execution stages. - Security capabilities include Recover in addition to Protect, Detect, Respond. |
| Responsive Awareness | - Defend against sustained campaigns by moderately-resourced, stealthy adversaries seeking significant advantages. - Adversary capability, intent, and targeting: Medium. | - Integrate cybersecurity with related disciplines. - Cooperate with peers, partners, suppliers, customers. - Use updated threat intelligence in monitoring. - Manage events across the entire cyber attack lifecycle. - Security capabilities include all NIST CSF functions plus some resiliency objectives. |
| Cyber Resilience | - Defend against multiple sustained campaigns by well-resourced, stealthy adversaries seeking long-term advantages. - Adversary capability, intent, and targeting: High. | - Dedicated corporate officer for cybersecurity decisions. - Integrate cybersecurity with mission assurance (MA). - Coordinate with counterparts in other organizations. - Maintain cyber situational awareness. - Develop tailored response tools. - Security capabilities include most resiliency objectives. |
| Pervasive Agility | - Defend against strategic, integrated campaigns by stealthy adversaries seeking geopolitical advantages. - Adversary capability, intent, and targeting: Very High. | - CEO engagement in mission assurance decisions. - Collaborate across disciplines to ensure continuity. - Integrate cyber and mission situational awareness. - Develop new threat analytics and forensics methods. - Jointly develop contingency and response plans. - Security capabilities include all resiliency objectives. |
Applying Cyber Prep with Other Frameworks
One of the strengths of Cyber Prep 2.0 is its compatibility with other frameworks. It can be used to:
- Index into Other Frameworks: Identify relevant portions of detailed frameworks like the NIST Cybersecurity Framework (CSF).
- Complement and Extend: Fill gaps or extend the capabilities of existing frameworks.
- Tailor Strategies: Customize approaches based on organizational size, culture, and constraints.
For example, the capability aspect of Cyber Prep threat classes roughly corresponds to the tiers of the Defense Science Board (DSB) threat model. Similarly, the governance area of Cyber Prep classes aligns with the tiers in the NIST CSF.
Conclusion
As cyber threats continue to evolve, it’s no longer sufficient for organizations to rely on compliance-driven strategies. Cyber Prep 2.0 offers a comprehensive, threat-oriented approach that helps organizations understand their unique threat landscapes and develop tailored strategies in governance, operations, and architecture & engineering.
By adopting Cyber Prep 2.0, organizations can move beyond mere compliance, becoming proactive in their cybersecurity efforts and better prepared to face advanced threats.
For a deeper dive into Cyber Prep 2.0 and its practical applications, explore MITRE’s detailed publication. This resource covers the framework’s full capabilities, including advanced threat modeling techniques, preparedness classes, and actionable strategies. Whether you’re a cybersecurity professional or a strategic decision-maker, MITRE’s insights offer a valuable guide to enhancing organizational resilience in today’s challenging cyber landscape.
